
CCLEANER.EXE false positive?


aqtech


After installing the new CCleaner 3.0 from Piriform's site today, MBAM picked up the following entry as: security.hijack HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Image File Execution Options\CCLEANER.EXE

I have Windows 7 Home Premium x64 and the x64 version of the new CCleaner is the one installed, specifically 3.00.1303. For the time being, I'm ignoring the detected threat, as I don't want anything to happen to CCleaner.

Thanks in advance


> After installing the new CCleaner 3.0 from Piriform's site today, MBAM picked up the following entry as: security.hijack HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Image File Execution Options\CCLEANER.EXE
>
> I have Windows 7 Home Premium x64 and the x64 version of the new CCleaner is the one installed, specifically 3.00.1303. For the time being, I'm ignoring the detected threat, as I don't want anything to happen to CCleaner.
>
> Thanks in advance

Oops, meant to include this

mbam_log_2010_10_28__20_37_03_.txt


That key is designed to run other executables instead of the one listed in the key. Normally this would block CCleaner and we would be unblocking it.

I use CCleaner and have never seen this. Is your version modified or something?

No, it's not modified to my knowledge. I've used CCleaner for years with MBAM and this is the first I've seen. I figured either I got an infected version or the new 64-bit version of CCleaner is giving a false positive.


Okay, so I also scanned with SAS Pro, which also identified it as the same threat. I went ahead and deleted the file after both what I've seen here and from the second program. Also, I checked the original installer and, as it did before, it prompted me to install the Yahoo toolbar. I deleted that one and re-downloaded the same installer from Piriform. This time, it did not come bundled with the toolbar functions...? I'm not sure what happened or how it happened, to be honest. I re-scanned everything with MBAM, SAS, and Norton, none of which found any threats this time around after re-installing CCleaner with the newly downloaded installer. Weird?


Nothing on 64 bit either.

Did you happen to set CCleaner to run instead of Windows cleanup or something? That is about the only legit reason I can come up with for this key being there.

I would just let Malwarebytes remove it, it won't affect CCleaner or Windows in any way.


> Nothing on 64 bit either.
>
> Did you happen to set CCleaner to run instead of Windows cleanup or something? That is about the only legit reason I can come up with for this key being there.
>
> I would just let Malwarebytes remove it, it won't affect CCleaner or Windows in any way.

I do have CCleaner set to the /AUTO function via the task scheduler. Would that do it?

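The thread describes the flagged key as one that runs another executable in place of the one named in the key. As an added example (not part of the thread and not Malwarebytes' own detection logic), this read-only PowerShell audit lists every Image File Execution Options subkey that carries such a redirect and shows what would be started instead. It assumes the redirect is stored in the standard `Debugger` value, which the posts do not name; the function and variable names are hypothetical.

```powershell
# Added example, not from the thread: list IFEO entries that redirect an image.
# Assumption: the redirect lives in a "Debugger" value, which the posts do not name.
# Read-only. Run from 64-bit PowerShell 3.0 or later so both paths can be inspected.
$IfeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-DebuggerTarget {
    param([string]$CommandLine)
    # First token of the command line, honouring a leading double-quoted path.
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($CommandLine.Trim() -split '\s+')[0]
}

function Get-IfeoRedirect {
    param([string[]]$Root = $IfeoRoots)
    foreach ($r in $Root) {
        if (-not (Test-Path -LiteralPath $r)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $r -ErrorAction SilentlyContinue) {
            $debugger = $key.GetValue('Debugger')
            if (-not $debugger) { continue }   # subkey exists but redirects nothing

            # Resolve the program that would be started instead of the named image.
            $target = Get-DebuggerTarget $debugger
            $app = Get-Command -Name $target -CommandType Application -ErrorAction SilentlyContinue |
                   Select-Object -First 1
            $sig = if ($app) { (Get-AuthenticodeSignature -FilePath $app.Path).Status }
                   else { 'TargetNotFound' }

            [pscustomobject]@{
                Image     = $key.PSChildName   # the executable being redirected
                Debugger  = $debugger          # full command line stored in the value
                Target    = if ($app) { $app.Path } else { $target }
                Signature = $sig               # Authenticode status of the target
                Key       = $key.Name          # full registry path for follow-up
            }
        }
    }
}

Get-IfeoRedirect | Sort-Object Image | Format-List
```

An empty result means no image name is currently redirected. For any entry that is listed, the `Target` and `Signature` fields show which program was registered to run in its place and whether that file carries a valid signature.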
